diff --git a/hosts/metronom/backups.nix b/hosts/metronom/backups.nix index c5bf79b..36f9c5c 100644 --- a/hosts/metronom/backups.nix +++ b/hosts/metronom/backups.nix @@ -1,12 +1,13 @@ { flake, ... }: { - age.secrets."restic-repo-droppie" = { - file = "${flake.self}/secrets/restic-repo-droppie.age"; + age.secrets.restic-repo-garage-mail = { + file = "${flake.self}/secrets/restic-repo-garage-mail.age"; mode = "400"; owner = "root"; }; - age.secrets."restic-repo-storagebox" = { - file = "${flake.self}/secrets/restic-repo-storagebox.age"; + + age.secrets.restic-repo-garage-mail-env = { + file = "${flake.self}/secrets/restic-repo-garage-mail-env.age"; mode = "400"; owner = "root"; }; diff --git a/hosts/metronom/default.nix b/hosts/metronom/default.nix index a1699f1..581b151 100644 --- a/hosts/metronom/default.nix +++ b/hosts/metronom/default.nix @@ -7,6 +7,6 @@ ./networking.nix ./wireguard.nix - #./backups.nix + ./backups.nix ]; } diff --git a/modules/mail/default.nix b/modules/mail/default.nix index 9b28816..7a32f15 100644 --- a/modules/mail/default.nix +++ b/modules/mail/default.nix @@ -67,4 +67,23 @@ }; security.acme.acceptTerms = true; security.acme.defaults.email = "security@pub.solar"; + + services.restic.backups.mail-garage = { + paths = [ + "/var/lib/vmail" + "/var/lib/dkim" + ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-garage-mail".path; + environmentFile = config.age.secrets."restic-repo-garage-mail-env".path; + repository = "s3:https://buckets.pub.solar/mail-backups"; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; } diff --git a/secrets/restic-repo-garage-mail-env.age b/secrets/restic-repo-garage-mail-env.age new file mode 100644 index 0000000..7b5d397 Binary files /dev/null and b/secrets/restic-repo-garage-mail-env.age differ 
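Review bot: The two secrets declared in hosts/metronom/backups.nix are read only by `services.restic.backups.mail-garage` in modules/mail/default.nix, so the shared mail module now depends on a host-specific file. Any other host that imports the mail module without this file would fail evaluation on the missing `config.age.secrets` attributes. Consider declaring the secrets beside the backup job, or at least add a comment above the first declaration such as `# consumed by services.restic.backups.mail-garage in modules/mail/default.nix`. The names are unquoted here and quoted at the point of use; both resolve to the same attribute, but using one form would make them easier to grep.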
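Review bot: In the modules/mail/default.nix hunk, `timerConfig` is set to `OnCalendar` alone, which replaces the module's default timer attributes rather than merging with them. As far as I know that default includes `Persistent = true;`, so a run missed while the host is down at 02:00 UTC would not be caught up unless that line is added next to `OnCalendar`. Separately, `pruneOpts` makes this host prune its own repository, so the S3 credentials in `environmentFile` presumably need delete rights on `mail-backups`, and a compromise of the mail host could then also destroy the backups of `/var/lib/vmail` and `/var/lib/dkim`. Consider giving this host a key that cannot delete and running prune from a separate machine, or bucket-side retention if the store supports it. The module's argument list is outside the hunk, so I could not confirm that `config` is bound there.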
diff --git a/secrets/restic-repo-garage-mail.age b/secrets/restic-repo-garage-mail.age new file mode 100644 index 0000000..e78ca5b --- /dev/null +++ b/secrets/restic-repo-garage-mail.age 
@@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 UE5Ceg ys38fGOhLJNLg9zx9T3v2VgF2IbOr/Y/rj2+dWkcAlU +QwkMX8WKgcJeGUomDSLjijen2K5UcRnYYwtebrITDqU +-> ssh-ed25519 uYcDNw wF0oWExIUjlP32CQzOvp6MyEvFw33Sm8pHhYn3Sb0zE +RHslJJumyXoCLHLw4sGlSLK++UHmgq97KPkqCu77G3o +-> ssh-rsa f5THog +pFSH+qCW+oM9zn2j+830+bja2rTXFuzATqfMNAq3o38ssW8Nl7+0FpkdMam4iYXu +sw4Pcaj1QPTO8PbhkEvjoOU4f0bUsVuJSIvcour4k8SUOBgEMiW/98AVSTIk6KBX +PvA+4uZn2Is+bB2m9EGCguwLJ9zzzfbur+USMQvwkQexg0YRpSfhJsRbCplLXhE+ +ZU6ut4HjCP0XWwvxgFzKc6sY4X+/PeWFJOd+WkWy5lL6gcMqUz5DXoi1CeG11AR4 +/hQ5KSJBpVsxw/ib3lSkGjA/ktQzwp4hZTI0l/dH9VHOFQflM8/9hPCYT2gsLVpF +7F2N++tMjgqbMI6Jve0gXLixpWFflr7X5UIBFW96k7/Aq2G+WUch/COQA6wTmfqw +OeP1wGd4Ka7YsgGByH5kuL60xDvtHG6+fYlnPXZAB5Fn86Ct6vRmWw9KUvLC7LKU +iBXDccJliY/y4vGFZH74EYlimurEfaBPiT5sxAk0Ke6hoJued3sZ39Qi+wuxMxFH +pleoFR/n1gBq2bu8FqTQaaNXB2Rsy7q4r5Fy1FxRJqDPgHJEmPx1k4rmYPq1VIaP +/ScOstPQgdMNBqVsBGoNYq7vewkzoPl6MkEwh6gP7IjtC1nvYxxwlGh0gESe3RFm +4MRh78EZaY9pmqIRAf/sRzajky26Aw+DkphmWNUjMTA +-> ssh-rsa kFDS0A +XsOTwrszUoHm2k4XSxiLniJZNWYfJOEn7riuDaQSGSW6ZpjMloD8K1FsZ/ZbMoUP +S/QD71rnETAhfQc8JAAHANOarxMXmSw3y1tSmlbL2h+TRnSoq74a1nK4Ble3aszu +y7tlUuUn3vEX6BVPRNOWM3bGW3oWNe5m0sMUAc4YSUXryWF4V48c/GbUp3T0OrRS +jm+5DWOPxt4VcLuCqe4Nv1jrjPnb7oui/7grMuottf3JRJJQxv9qZolRwlhkG2RN +4fuUSuOYnFUuHuaF2cfuTpOPaowLbh5H/Y6ETzOp+z9yNSuxRsdNgA63GrTsAorI +2axdnMakUsP7m3Xxu6YsVu8xP+Sso1xzPZoEQKA+2eol0fZpQvRPrZ59bqaf9p5U +VTIKSqIAIxyr/XN/s8S4ygaNKQZW8yBColG7TlggTth5v3XqAZ8RhcFXUg6z5lSr +RErV6Bio9JIZofvNEiJaqrl8uTo8dU4ymVuYZoEiT/mW3noqBrZlKUh6XZFMplmk +5giRTDThA3mirSTTELFCsc08kJMXqgkOzkPk5xm5kgP7VD6t/0SfGxetVWXOlUNd +dbprg8Oko1hdlO+LePY1n50TTFKBl9TeZWhvcLOhUizc0bTowUcXm+04Taf+MDwa +TMxplrtahOdCTz8k38c/HwBeHtfXRevh8A8Y1qnJXJY +-> piv-p256 vRzPNw AqccwzdKUA4RP2LzIfcTlAN9LsoEB/b7tGYyM8bk39Pn +f0srD9t9HaGY8OIAVImqJSrvHZRhxfMXkYwot4LJGeM +-> piv-p256 zqq/iw Aj8544WraFJMX2S6qyzi6CTal6sRnunmzbMO4KUQhJOO +BFiQSdLgrmgPnynqmSLNBqiWkyBme3KavSbi86HHSck +-> ssh-ed25519 YFSOsg Zece1bOI+mVc6079POREAnnzSG7ZytiTRDm+NzbbhVE 
+alK4ODfwrgRSDGWzcZmIuyZ88axaiMzSNfeGspsgk70 +-> ssh-ed25519 iHV63A LwfUkisQGB3txmxYYLlZSG6ddxVNVC9+UokxPiXEjRc +yRmtdHT9uM0YkS/s80jetMr1baDjGsaRubVKbJVPpCk +-> ssh-ed25519 BVsyTA +8LVssLl+DiF2f3H0KhAhvzEvTjciIAcRM9ZYwrGQh0 +CcQxWwMBdyXXzDv10vUmXBifYLXsHKOFd2/L95RGT5U +-> ssh-ed25519 +3V2lQ RWquIefIO5crVvrUxdatV7OvTv1Jabyq4IF209Ezkw0 +0SM43tcO7m7FQlNJe9QnhC9J9PwHoVxucRtZGpcACUE +--- xx8BodL5hv2CyeZ8m0tGXNzmH2DGaCveUNobqbAQK8U +)ŠÐÑ\³“9°c½ùt4Ê¿Á~ÁÆëºùeJ¥}<Ó¼Š§Å[‘¸Ø+*x’£>;m/ «&I»–÷Ò:Ï‘óÛ3 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab52663..f8404a5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -54,6 +54,8 @@ in "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys; "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys; + "restic-repo-garage-mail.age".publicKeys = metronomKeys ++ adminKeys; + "restic-repo-garage-mail-env.age".publicKeys = metronomKeys ++ adminKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys; "drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;